Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 18 April 2013 01:56 UTC

Matias (thanks for including a rationale with your vote),

I suspect you will have to do "an extra step of binary serialization" more often if JWE keeps the ciphertext and ICV separate.

Consider the Web Crypto API <http://www.w3.org/TR/WebCryptoAPI/#aes-gcm>. It supports an AEAD algorithm: AES GCM. To decrypt: start with a key and parameters (AAD, iv, *length* of tag); then process chunks of ciphertext; then finish.

You don't pass the authentication tag (ICV) to the API as a separate field. It is assumed to be the last bytes of the ciphertext.

Similarly for Java.

--
James Manger



From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Matias Woloski
Sent: Tuesday, 16 April 2013 2:53 AM

1

Rationale: simplicity again. As an implementer I don't want to do an extra step of binary serializing something. Also, strings are easier to debug with Fiddler.

On Mon, Apr 15, 2013 at 1:44 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
1

----------
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Monday, April 15, 2013 8:20 AM

1.  Continue having separate Ciphertext, Initialization Vector, and Integrity Value values in the JWE representation.

----------
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Roland Hedberg
Sent: Saturday, April 13, 2013 12:19 PM

1

On 12 Apr 2013, at 01:58, Karen O'Donoghue <odonoghue@isoc.org> wrote:

Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes restructuring the JWE representation to remove the JWE Integrity Value field and instead use the RFC 5116 (AEAD) binary serialization to represent the Ciphertext, Initialization Vector, and Integrity Value values.  If this proposal is adopted, JWEs would then have three fields - the header, the encrypted key, and the RFC 5116 combination of the Ciphertext, Initialization Vector, and Integrity Value values.
This issue is also related to issue #3.  Note that the updated McGrew draft described there could be used whether or not we switched to using RFC 5116.


Which of these best describes your preferences on this issue?

1.  Continue having separate Ciphertext, Initialization Vector, and Integrity Value values in the JWE representation.

2.  Switch to using the RFC 5116 (AEAD) serialization to represent the combination of these three values.

3.  Another resolution (please specify in detail).

0.  I need more information to decide.



Your reply is requested by Friday, April 19th or earlier.
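
The Web Crypto behaviour described in James Manger's message at the top of this page, as an added example that is not part of the original thread: AES-GCM output is a single ciphertext || tag buffer, so separate Ciphertext and Integrity Value fields have to be split after encryption and re-joined before decryption. The function names, the AAD string and the plaintext are constructed for illustration, and the `require` fallback assumes Node.js when no global `crypto` exists.

```javascript
// Added example: key, IV, AAD and plaintext are constructed, not from the thread.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;
const TAG_BITS = 128;            // the API is told only the tag *length*
const TAG_BYTES = TAG_BITS / 8;

// Encrypt, then split the single Web Crypto output into the two values that a
// JWE with separate Ciphertext and Integrity Value fields would carry.
async function encryptToSeparateFields(key, iv, aad, plaintext) {
  const out = new Uint8Array(await subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: aad, tagLength: TAG_BITS }, key, plaintext));
  return {
    ciphertext: out.slice(0, out.length - TAG_BYTES),
    tag: out.slice(out.length - TAG_BYTES),   // last bytes of the output
  };
}

// Decrypt from separate fields: the extra step is re-joining ciphertext || tag,
// because decrypt() has no parameter for the tag itself.
async function decryptFromSeparateFields(key, iv, aad, ciphertext, tag) {
  const joined = new Uint8Array(ciphertext.length + tag.length);
  joined.set(ciphertext, 0);
  joined.set(tag, ciphertext.length);
  const plaintext = await subtle.decrypt(
    { name: 'AES-GCM', iv, additionalData: aad, tagLength: TAG_BITS }, key, joined);
  return new TextDecoder().decode(plaintext);
}

async function demo() {
  const enc = new TextEncoder();
  const key = await subtle.generateKey(
    { name: 'AES-GCM', length: 128 }, false, ['encrypt', 'decrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const aad = enc.encode('constructed-header');
  const message = 'constructed plaintext';

  const { ciphertext, tag } =
    await encryptToSeparateFields(key, iv, aad, enc.encode(message));
  const roundTrip = await decryptFromSeparateFields(key, iv, aad, ciphertext, tag);

  // Flip one bit of the tag: decrypt() must reject instead of returning data.
  const badTag = tag.slice();
  badTag[0] ^= 1;
  const tamperedRejected = await decryptFromSeparateFields(key, iv, aad, ciphertext, badTag)
    .then(() => false, () => true);

  return { ctLen: ciphertext.length, tagLen: tag.length, roundTrip, tamperedRejected };
}
```
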